I'm trying to set up a site-to-site VPN connection between my ASA 5505 (ASA 9.1(4) and ASDM 7.1(3)) and Windows Azure. For the configuration of the connection, Microsoft supplies a configuration script (see below, IP and shared key removed) which sets up all the connection and encryption settings.
! Microsoft Corporation
! Windows Azure Virtual Network
! This configuration template applies to Cisco ASA 5500 Series Adaptive Security Appliances running ASA Software 8.3.
! It configures an IPSec VPN tunnel connecting your on-premise VPN device with the Azure gateway.
! Adjust the TCPMSS value properly to avoid fragmentation
sysopt connection tcpmss 1350
I ran this script successfully and I checked the settings in ASDM. However, I keep getting the error that UDP 500 is blocked:
Deny inbound UDP from 188.8.131.52/500 to 184.108.40.206/500 on interface outside
I'm quite new to Cisco firewalls and am looking for a fairly dummy-proof way to allow the different protocol settings required (isakmp, NAT-T, L2TP, ESP) from the Azure gateway (220.127.116.11) to my outside IP address (18.104.22.168).
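The following is an added example of how the peer-restricted IKE/NAT-T/ESP allowances and the matching verification commands look in ASA 9.1 syntax; it is not the poster's configuration or Microsoft's template. It assumes the outside interface is named `outside`, the inbound ACL is named `outside_access_in`, and uses constructed documentation addresses (203.0.113.10 for the Azure gateway, 198.51.100.20 for the ASA's outside address) in place of the real ones.

```cisco
! Added example (not the poster's config or Microsoft's template).
! Constructed addresses: 203.0.113.10 = Azure gateway, 198.51.100.20 = ASA outside IP.
!
! 1. Terminate IKEv1 on the outside interface. Without a listener for
!    UDP/500 and UDP/4500 the ASA has nowhere to hand the packet and
!    logs "Deny inbound UDP ... /500 on interface outside".
crypto ikev1 enable outside
!
! 2. NAT traversal keepalive (UDP/4500) in case either side sits behind NAT.
crypto isakmp nat-traversal 10
!
! 3. Let traffic arriving through an established tunnel bypass interface ACLs
!    (default on ASA, shown here so the intent is explicit).
sysopt connection permit-vpn
!
! 4. If the outside interface carries an inbound ACL, permit only the Azure
!    peer for IKE (UDP/500), NAT-T (UDP/4500) and ESP (IP protocol 50).
!    Azure site-to-site is plain IPsec/IKE, so no L2TP entry is needed.
object network AZURE_GW
 host 203.0.113.10
object network ASA_OUTSIDE
 host 198.51.100.20
access-list outside_access_in extended permit udp object AZURE_GW object ASA_OUTSIDE eq isakmp
access-list outside_access_in extended permit udp object AZURE_GW object ASA_OUTSIDE eq 4500
access-list outside_access_in extended permit esp object AZURE_GW object ASA_OUTSIDE
access-group outside_access_in in interface outside
!
! 5. Verification after sending interesting traffic across the tunnel:
!    phase 1 should show MM_ACTIVE, phase 2 should show non-zero encaps/decaps,
!    and the deny message (syslog 106006) should stop appearing.
show crypto ikev1 sa
show crypto ipsec sa
show logging | include 106006
```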